The signer and signer-client communicate through individual "records" (in a TLS session using a SLIP-like protocol, via serial). All multi-byte integers are transferred in little-endian order. Each record has the following format:
1 byte ":" (fixed ASCII ':')
see type of commands below
flags for this command (currently unused)
4 byte session identifier
session identifier (must be equal for all commands in one TLS session)
2 byte command identifier (counter)
identifier for invocation. A command may be split into multiple records. All such records must have the same command identifier.
total length of the payload
indicates which chunk of data is being sent (currently unused)
length of payload in this record
the payload data of this record
bitwise complement of the sum of all bytes until now.
1 byte "\n" (fixed ASCII '\n')
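The record layout above as an encoder and a strict decoder, an added example and not the project's own code. Only the 4-byte session identifier and the 2-byte command identifier widths are stated on this page; the other field widths, the one-byte checksum, and the names FIELDS, encode_record and decode_record are assumptions made for illustration.

```python
import struct

# Header fields after the leading ':'. The 4-byte session id and 2-byte command
# id come from the page; every width marked ASSUMED is chosen for this example.
FIELDS = [
    ("type", 1),         # ASSUMED (0x10, 0x81, 0xC0 all fit in one byte)
    ("flags", 1),        # ASSUMED
    ("session", 4),      # from the page
    ("command", 2),      # from the page
    ("total_len", 4),    # ASSUMED
    ("chunk", 4),        # ASSUMED, unused per the page
    ("payload_len", 2),  # ASSUMED
]
HEADER = struct.Struct("<" + "".join({1: "B", 2: "H", 4: "I"}[w] for _, w in FIELDS))
OVERHEAD = 1 + HEADER.size + 2  # ':' + header + checksum + '\n'


def checksum(data: bytes) -> int:
    """Complement of the byte sum, truncated to one byte (ASSUMED width)."""
    return ~sum(data) & 0xFF


def encode_record(rtype, session, command, payload, total_len=None):
    total = len(payload) if total_len is None else total_len
    header = HEADER.pack(rtype, 0, session, command, total, 0, len(payload))
    body = b":" + header + payload
    return body + bytes([checksum(body)]) + b"\n"


def decode_record(raw: bytes) -> dict:
    """Validate framing, lengths and checksum before returning any field."""
    if len(raw) < OVERHEAD:
        raise ValueError("record too short")
    if raw[:1] != b":" or raw[-1:] != b"\n":
        raise ValueError("bad framing bytes")
    rec = dict(zip((name for name, _ in FIELDS), HEADER.unpack_from(raw, 1)))
    if rec["payload_len"] != len(raw) - OVERHEAD:
        raise ValueError("payload length does not match record size")
    if rec["payload_len"] > rec["total_len"]:
        raise ValueError("chunk larger than declared total length")
    if checksum(raw[:-2]) != raw[-2]:
        raise ValueError("checksum mismatch")
    rec["payload"] = raw[1 + HEADER.size:-2]
    return rec
```

A complement-of-sum checksum catches line noise on the serial link but is not an integrity control against a deliberate sender, which is why the records travel inside the TLS session.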
's' indicates commands sent by the signer while all other commands are sent by the signer client.
Sets the target key of the certificate that is to be created to the one contained in the given CSR.
Sets the target key of the certificate that is to be created to the one contained in the given SPKAC-Request.
(0x10) setSignatureType
Sets the signing algorithm's digest algorithm.
(sha512|sha384|sha256)
Sets the certificate profile to sign with.
Sets the desired starting date.
Sets the desired ending date (or validity-period).
Adds a given SAN (Subject alternative name) to the certificate.
(DNS,<dnsname> or email,<email address>)
Adds an AVA (Attribute value association) to this certificate's subject.
<hex>timestamp,<hex>table,<hex>PK,<hex>column=value,<hex>column=value
Issue signing request.
Provide the log of certificate creation.
(0x81) logSaved (checksum of log)
Confirm that the log has been saved.
s(0x81) respondCertificate
Provide the newly created certificate.
Provide the name of the CA-certificate with which this certificate has been signed.
Add a serial of a certificate that should be revoked.
Revoke the provided serials for the CA given in this command.
Confirm revocation. Provide the "date" for all newly created CRL-entries and a new CRL-signature. The local CRL should be updated accordingly, the signature updated and then validated.
Request a full version of the current CRL.
Reply with the full CRL.
s(0xC0) timestampResponse